Aggregator

Harmonic Security最新季度报告指出，大量员工在使用生成式AI（GenAI）工具和集成AI功能的SaaS应用时，无意中提交了包含敏感信息的文件和请求，导致数据暴露风险显著上升。

Meta 旗下微博客服务 Threads 月活跃用户数突破 4 亿，而今年五月公布的数据是 3.5 亿，意味着三个月增加 5000 万。此外移动端的日活用户数缩小了与最主要竞争对手 X/Twitter 的差距。根据 X 前 CEO Linda Yaccarino 透露的数字，X 的月活用户数超过 6 亿。根据 Similarweb 的最新数据，Threads 在移动设备上的日活跃用户数接近 X。2025 年 6 月，Threads 的 iOS 和 Android 应用日活跃用户数为 1.151亿，同比增长127.8%。X 的日活跃用户数 1.32 亿，同比下降 15.2%。Similarweb 的数据显示，X 的日访问量远远领先于Threads，X 在  6 月的全球日均访问量为 1.458 亿，而 Threads 仅为 690 万。

Authorities in Saint Paul, Minnesota, are still grappling with the aftermath of a cyberattack that crippled large portions of the city’s municipal operations. Responsibility for the incident has been claimed by the hacking group...

The post Saint Paul Cyberattack Disrupts City, Interlock Ransomware Group Claims 43GB Data Theft appeared first on Penetration Testing Tools.

U.S. authorities have disclosed the details of a July operation against the BlackSuit ransomware syndicate, a coordinated strike that dismantled the group’s infrastructure and seized its digital assets. On July 24, in an internationally...

The post Law Enforcement Dismantles BlackSuit Ransomware, Seizing Servers and $1M in Crypto appeared first on Penetration Testing Tools.

OpenAI 更新 ChatGPT 至 GPT-5，新增自动、快速、思考模式。免费用户每周最多发送 3000 条思考消息，超出后切换至 GPT-5 Thinking mini。付费用户可选择 GPT-4o、4.1 等模型。上下文窗口扩大至 19.6 万个 tokens，并根据反馈持续优化模型体验。

Patch Tuesday — когда у Windows день стирки, а белья слишком много.

The North Korean cyber-espionage group Kimsuky has unexpectedly found itself in the role of victim after two hackers — identifying themselves as the “antithesis of Kimsuky’s values” — infiltrated its infrastructure and released stolen...

The post Kimsuky Hacked: Hackers Leak 8.9GB of Stolen Data and Tools from North Korean Group appeared first on Penetration Testing Tools.

The ESET research team has published a detailed analysis revealing how the cyber-espionage group RomCom exploited a previously unknown path-traversal vulnerability in WinRAR (CVE-2025-8088) to stealthily install malicious software on victims’ computers. This flaw...

The post WinRAR Zero-Day (CVE-2025-8088) Exploited by RomCom Hackers, ESET Warns appeared first on Penetration Testing Tools.

Researchers have determined that a critical flaw in the SSH stack implementation of Erlang/Open Telecom Platform had been actively exploited as early as May 2025, with roughly 70% of detections targeting firewalls safeguarding industrial...

The post Critical Erlang/OTP Flaw (CVE-2025-32433) Actively Exploited, Poses Major Threat to Industrial Networks appeared first on Penetration Testing Tools.

A vulnerability, which was classified as critical, has been found in Advanced File Manager Plugin on WordPress. This issue affects some unknown processing. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2025-0818. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in File Manager Plugin on WordPress. Affected is an unknown function. The manipulation leads to path traversal. This vulnerability is traded as CVE-2025-0818. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in File Manager Pro Plugin on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to path traversal. This vulnerability is known as CVE-2025-0818. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Easy Restaurant Menu Manager Plugin up to 2.0.2 on WordPress and classified as problematic. Affected by this issue is the function nsc_eprm_save_menu. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2025-8491. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in INSTAR 2K+ and 4K 3.11.1 Build 1124. This affects the function base64_decode of the component fcgi_server. The manipulation of the argument Authorization leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-8760. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply restrictive firewalling.

A vulnerability has been found in INSTAR 2K+ and 4K 3.11.1 Build 1124 and classified as critical. This vulnerability affects unknown code of the component Backend IPC Server. The manipulation leads to denial of service. This vulnerability was named CVE-2025-8761. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

A vulnerability was found in INSTAR 2K+ and 4K 3.11.1 Build 1124 and classified as problematic. This issue affects some unknown processing of the component UART Interface. The manipulation leads to improper physical access control. The identification of this vulnerability is CVE-2025-8762. It is possible to launch the attack on the physical device. Furthermore, there is an exploit available.

Analysts from FortiMail Workspace Security have uncovered a targeted campaign against Israeli companies and organizations within critical infrastructure sectors. The attackers exploited a compromised internal email system to send highly convincing messages to regional...

The post Phishing to PowerShell RAT: New Fileless Attack Targets Israeli Critical Infrastructure appeared first on Penetration Testing Tools.

Pavel Durov announced that over the past 20 days, Telegram has received hundreds of reports from users about cases of extortion and doxxing. Based on these complaints, the platform initiated a large-scale purge of...

The post Telegram Fights Back: Platform Purges Channels Used for Extortion and Doxxing appeared first on Penetration Testing Tools.